Android is an open platform for mobile devices such as handsets and tablets. It has a large variety of security features that make developing secure software easier; however, it also lacks certain security aspects that are present in other hand-held platforms. The course gives a comprehensive overview of these features and points out the most critical shortcomings to be aware of, both in the underlying Linux, the file system and the environment in general, and in the use of permissions and other Android software development components.
Typical security pitfalls and vulnerabilities are described for both native code and Java applications, along with recommendations and best practices to avoid and mitigate them. In many cases, the issues discussed are supported by real-life examples and case studies. Finally, we give a brief overview of how to use security testing tools to reveal security-relevant programming bugs.
Audience
Android application developers, architects and testers
Course Objectives
Participants attending this course will:
• Understand basic concepts of security, IT security and secure coding
• Learn the security solutions on Android
• Learn to use various security features of the Android platform
• Get information about some recent vulnerabilities in Java on Android
• Learn about typical coding mistakes and how to avoid them
• Gain an understanding of native code vulnerabilities on Android
• Realize the severe consequences of insecure buffer handling in native code
• Understand the architectural protection techniques and their weaknesses
• Get sources and further reading on secure coding practices
Preparedness
Professional
Outline
• IT security and secure coding
• Android security overview
• Application security
• Android and Java vulnerabilities
• Android native code security
• Knowledge sources